Do you own/operate an accounting firm, or do you work with one to handle your taxes?

Small businesses are becoming a more lucrative target for Cyber scams these days, for a myriad of reasons:

Most companies that are very small, <50, might not have the resources to have a full-time IT specialist.

Without a dedicated IT person more items are purchases and used in a 'Turn it on and Forget' mentality.

If they do use an IT Firm for the initial setup, do they have them come back and perform security patches on their devices, etc for new threats?

They may have a local IT specialist they are using (family friend, someone's relative) that may know how to set things up, but may not be up to date on the recent threats.

Your local IT support could get compromised on their personal computers, spilling the details of how they 'remotely' help you!

Ok, so now you have me worried, what do I do!!

Talk with your IT support, and make sure that you let them know you are concerned about these types of things.

Have an understanding of what you precautions you need to take, and what precautions anyone that has access is taking.

If you allow someone 'remote' control, make sure it is not set to 'Always On'. Set it to be manually activate by YOU and you are available to monitor their work in progress so you have the power to end a session if something does not look right.

Don't sit back and watch the 'magic' happen. If you see something, ask what they are doing.

....but I can't afford ANY IT, so I am left to fend for myself!

There are resources available to you! When you get a new device, don't hesitate to call the manufacturer and ask their support these questions.

Find someone that is reputable through your business networks, or even in your family that you know is trustworthy. You do not have to use them for IT, but ask for advice.

Check out online resources like StaySafeOnline.org (see below). There are also resources provided by government agencies for specific things, like the IRS for Taxes and they have tips available.

Weigh the Cost/Risk benefit of paying for a security audit, even if one time it would provide you with a good starting point. A cost up front may be better than dealing with the fallout of theft of customer data.

Resources

You may already be following some standards if you handle transactions, through PCI Compliance. You can take the steps you use to secure your merchant equipment and apply that to other devices in your office!